Error with Webhook Header key, Misused header name. For Splunk integration

patrik_lindstrom · 13 November 2018 14:52

Webhook Authorization Http Header problem.

I am trying to set up a webhook that should send document and deploy events to Splunk via Splunk HEC. I am using the Header key Header Value fields in set up of webhook through subscription but I get an error on misued header name.

It works fine when I send http request with to splunk from my powershell script. . it also work fine when we use serilog to log to Splunk through Splunk HEC

$token = '3CEBFC88-75FD-4FE3-BA83-D5DxxxxxxxA4'
$port = "443"
$header = @{Authorization = "Splunk $token"}
$url = "https://splunklabhec.xxxx/services/collector"
$event = @{
    host = $env:computername......
......
    } 
} | ConvertTo-Json -Depth 3
Invoke-RestMethod -Method Post -Uri $url -Headers $header -Body ([System.Text.Encoding]::UTF8.GetBytes($event))

I can see the request/respons in Fiddler :

But when I try the same from Octoupus Deploy.

I get the error:

Failed to send ‘splunktest’ webhook request. Misused header name. Make sure request headers are used with HttpRequestMessage, response headers with HttpResponseMessage, and content headers with HttpContent objects.
System.InvalidOperationException: Misused header name. Make sure request headers are used with HttpRequestMessage, response headers with HttpResponseMessage, and content headers with HttpContent objects.
at System.Net.Http.Headers.HttpHeaders.CheckHeaderName(String name)
at System.Net.Http.Headers.HttpHeaders.Add(String name, String value)
at Octopus.Server.Schedules.EventNotifications.NotificationCreator.d__16.MoveNext()
Octopus.Server version 2018.9.7 (2018.9.7+Branch.master.Sha.bc1aa5ccec678935363ecf0dc4c018f3a4bafb82)
November 13th 2018 13:31:51Info
‘splunktest’ successfully finished processing.

It looks to me that this an error thrown in Octopus Deploy before anything is sent to our splunkserver since I can’t see that anything is sent to splunk while monitoring all traffic with Fiddler.

I do not understand the error message in the CheckHeaderName method. Why should not Authorization be a valid header key ?

Is this a bug in Octopus? Or have I misunderstood the concept of Webhooks in Octopus? Or should the key be formated differently.

Could you use without validation as suggested here on SO ?

I have tried it on our production Splunk environment and also on a local latest version of Octopus Deploy.

distantcam · 14 November 2018 02:53

Hi Patrik,

Thanks for contacting us. It looks like the header value is applied as a content header instead of a request header. So the only headers allowed are from https://docs.microsoft.com/en-us/dotnet/api/system.net.http.headers.httpcontentheaders?redirectedfrom=MSDN&view=netframework-4.7.2

Looking into this I’m pretty sure this is a bug, as API keys were the reason this was added, and they’re usually in the request header, not the content header. I’ve opened an issue (https://github.com/OctopusDeploy/Issues/issues/5090) and hopefully we can get this fixed soon.

Thanks
Cam

patrik_lindstrom · 14 November 2018 07:19

Hi Cameron.
Great that you so quickly found the cause.
In what version do you think this will be fixed ?
Is it a week or two month away until a version is downloadable where the Authorization headerkey works in the webhook ?

Best Regards
Patrik

distantcam · 15 November 2018 02:02

The patch has been done, and is in 2018.9.10 which if it doesn’t ship today should ship out early next week.
Thanks for your patience.

system · 15 December 2018 02:02

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.